System and method for providing secure transmission, search, and storage of data

ABSTRACT

A system and method for securely transmitting, searching, and storing data. To ensure security on the client side of a communication network, the system and method double encrypt sensitive data and single encrypt non-sensitive data. The system and method also fuzzy searches for user information. Thus, it is possible to find the information for the user in a database knowing only a minimal amount of detail about that user. Privacy and security is provided without impeding performance or compromising any of the standard database search functionality. Capitalizing on the difference in privacy requirements between users, the number of keys required to access sensitive data is minimized by using a single key for each user (e.g., a patient) and two keys for other users (e.g., health care providers).

CROSS REFERENCE TO RELATED APPLICATIONS

[0001] This application is a divisional of U.S. patent application Ser.No. 09/388,025, filed Aug. 31, 1999.

FIELD OF THE INVENTION

[0002] The present invention relates to computer and network security,and more particularly, a system and method for securely transmitting,searching, and storing data.

BACKGROUND INFORMATION

[0003] Advances in computer and communications technology have increaseda free flow of information within networked computer systems. While aboon to many, such free flow of information can be disastrous to thosesystems which process sensitive data. In a typical networked computersystem, one or more clients are connected over a communication networkto a server.

[0004] The risk of a security breach is compounded when a pathway isprovided from a private network to a public network such as theInternet. The Internet is a loose conglomeration of networks connectedto a standard network protocol. One of the benefits of accessing theInternet is that the vast amounts of information can be accessed by theuser. However, of such unobstructed access, the danger is that there arelittle or virtually no controls on what individuals can access and whatthey may do with such access. When data is stored or transmitted whichallows parties, to access such data even though they are not authorizedto access it, it is necessary to take steps to insure the security ofthat stored data and to ensure the integrity of data transmitted fromone computer to another (e.g., via the Internet).

[0005] A number of measures, e.g. encryption procedures, have been usedto reduce the vulnerability of the networked systems to unauthorizedaccess. Conventional encryption procedures encode data to prevent theunauthorized access, especially during the transmission of the data.Encryption procedure is generally based on one or more keys, or codes,which are essential for decoding, or reverting the data into a readableform.

[0006] The traditional encryption techniques focus on the security ofthe transmission and ignore the security of storage. These techniquesprovide a protection against the first kind of attacks which includeintercepting the data as it is being transmitted. The encryptiontechniques not only allow the authentication of the sender of a message,but also serve to verify the integrity of the message itself, thusproving that the message has not been altered during the transmission.Such techniques include the use of both symmetric and asymmetric keys,as well as digital signatures and hash algorithms.

[0007] The encryption algorithms or procedures are generallycharacterized in two categories: symmetric and asymmetric. Symmetricalgorithms use one key to encrypt and decrypt a message. An encryptionkey is a sequence of bits that can be used to encode or decode amessage. These symmetric algorithms require that both the sender and theintended receiver of the message (and no one else) know the same key. Onthe other hand, asymmetric algorithms use two separate keys e.g., apublic and a private key to encrypt and/or decrypt a message. The publickeys are published, (i.e., in the sense that the public key is availablefrom a particular service; such as a telephone directory) so thateveryone knows everyone else's public key. The private keys, on theother hand, are kept secret by the owner.

[0008] Thus, in a situation where, for example, a patient wanted to sendan encrypted message to his or her doctor, the patient would use thedoctor's public key to encrypt the message, and then send the encryptedmessage to the doctor. The doctor would then use his private key todecrypt the message.

[0009] The practice of using encryption protocols or procedures toauthenticate message senders as well as the integrity of messages iswell known in the art (see e.g., Bruce Schneier, Applied Cryptography,Protocols, Algorithms, And Source Code In C, 2d ed., John Wiley & Sons,Inc., 1996).

[0010] Conventional systems and methods suffer from, e.g., at least fourdeficiencies:

[0011] 1. Restricted media and time: data management security measuresonly apply to data transmission, thus exposing stored data to anunauthorized access or unauthorized data manipulation;

[0012] 2. Exceeded user generality: data management security measuresignore interaction patterns between individuals or user groups;

[0013] 3. Exceeded application scope: security measures ignore specificrequirements of particular applications (e.g., medical use); and

[0014] 4. Exceeded implementation demands: security measures require n-1keys for a group of n people. (as discussed in the publication bySchneier listed above).

[0015] Accordingly, there is a need for a system and method whichelevates the security standards across all digital media and preventscompromising data (e.g., patient data) in case of an authorized accessof the server. Moreover, there is a need for a system and method thatcombines security and privacy protection without impeding dataprocessing performance or conventional query scope in a relationaldatabase.

SUMMARY OF THE INVENTION

[0016] The present invention is directed to a method and system thatsatisfies the need of securely transmitting, searching, and storingdata. Such a system and method allows a user to transfer data securelyto a private network by pre-encrypting sensitive data with an encryptionkey, encrypting both non-sensitive data and the pre-encrypted data witha different encryption key and sending this encrypted data to a privatenetwork.

[0017] In an embodiment of the system and method, a server is configuredto perform fuzzy searching. The procedure for fuzzy searching includecreating trigrams for each record in a record database, sorting thetrigrams alphabetically, computing signature vectors for each record inthe record database, encrypting the signature vectors with an encryptionkey, and storing the encrypted signature vectors in an encryptedsignature database. In addition, the above steps are performed to obtainan encrypted signature vector for a search query. Thereafter, theclosest encrypted signature vector is obtained from an encrypted vectordatabase (i.e., the encrypted signature vector that is closest to thesearch query encrypted signature vector is obtained).

[0018] According to another embodiment of the present invention, therecord database which contains both non-sensitive data and encryptedsensitive data is searched. This is accomplished by encrypting thesearch query with an encryption key. Then, one or more recordssatisfying the search query are found.

[0019] Another embodiment of the present invention allows authorizedusers access to the encrypted sensitive data. First, the database whichcontains information is checked to determine which users are authorizedto access certain data, and if the user is authorized to access suchdata, then the user is allowed to access a master encryption key. Withthe master encryption key, a further encryption key is decrypted. Thisfurther encryption key provides access for the user to the sensitivedata.

BRIEF DESCRIPTION OF THE DRAWINGS

[0020]FIG. 1a shows an exemplary embodiment of a system according to thepresent invention.

[0021]FIG. 1b shows exemplary keys utilized for authenticating theinterface server in the system illustrated in FIG. 1a.

[0022]FIG. 1c shows exemplary keys utilized for transmitting, receiving,and storing data in the system illustrated in FIG. 1a.

[0023]FIG. 1d shows exemplary keys utilized for fuzzy searching adatabase in the system illustrated in FIG. 1a.

[0024]FIG. 1e shows exemplary keys utilized for relational databasesearching in the system illustrated in FIG. 1a.

[0025]FIG. 1f shows exemplary keys utilized for accessing sensitive datain the system illustrated in FIG. 1a.

[0026]FIG. 1h shows an exemplary embodiment of a method in which a usercommunicates with a private network.

[0027]FIG. 2 shows another exemplary embodiment of a method according tothe present invention for authenticating an interface server.

[0028]FIG. 3 shows another exemplary embodiment of a method according tothe present invention for securely transmitting and storing data.

[0029]FIG. 4 shows another exemplary embodiment of a method according tothe present invention for performing the searching operation.

[0030]FIG. 5 shows another exemplary embodiment of a method according tothe present invention for accessing sensitive data.

DETAILED DESCRIPTION

[0031] Overview

[0032] The system and method according to the present inventionaddresses the problems of conventional systems and methods as discussedabove by, e.g.: (1) securely transferring and storing sensitive data ina performance enhancing manner by double encrypting preferably only thesensitive data; (2) performing fuzzy searching to allow access to userinformation knowing a limited amount of information about the user; (3)performing relational database operations on a database that containsunencrypted non-sensitive information and, possibly, encrypted sensitiveinformation; and (4) allowing authorized users access to the sensitiveinformation using a minimum number of keys.

[0033] To reduce a performance overhead associated with an informationprotection process, only a subset of the stored data may be protected(e.g. only a subset of the stored data may be encrypted). Initially, thedata is segmented into two basic data types using the sensitivitycriteria. For example, in the healthcare industry, the time of the dayin which a procedure is scheduled is not sensitive information. Everypatient ultimately needs to know when a particular doctor is available,and so, this information should be readily available. However, the nameof the patient involved is sensitive information which should beprotected.

[0034] The system and method is suitable in a situation where there aretwo interacting groups of users and two classes of records. The twointeracting groups of users are a privileged user group and anon-privileged user group. A user can be generally defined as either aprivileged user or a non-privileged user. For example, in the healthcareindustry, the two interacting groups of users would be the patients(e.g. the non-privileged user group), and the healthcare providers suchas doctors (e.g. the privileged user group). The two classes of recordswould be, e.g.: (1) patient records (e.g., non-privileged user records)and (2) the doctor records (e.g., privileged user records).

[0035] For example, the patients grant access privileges (to theirrecords) to some doctors and deny access to all other patients anddoctors. The doctors to which privileges were granted, in consultationand agreement with their patients, grant access privileges (to some ofthose patient records) to some doctors. The doctors also grant accessprivileges to their research to some other doctors and to some patients(see Table 1 below for a listing of the exemplary privileges which maybe granted). The system and method according to the present inventionutilizes the asymmetry of the privilege granting scheme to minimize thenumber of keys used by the participating users. TABLE 1 Access PrivilegeAsymmetry Doctor research Patient records records Patient grants To somedoctors No access Doctor grants To some doctors and To some doctorsaccess some patients and some patients

[0036] Thus, an asymmetric key protocol is used for allowing atransmission of a client's request to a private network. Data isencrypted or decrypted using a public or private key. Algorithms forencrypting and decrypting data are known in the art and includeRivest-Shamir-Adleman encryption (“RSA”) and Directory System Agentencryption (“DSA”).

[0037]FIG. 1a shows an exemplary embodiment of the system 10 accordingto the present invention. An asymmetric key protocol is used forsecurity purposes. A private network (arrangement) 150 includes, e.g.,an application server 100, a record database 105, a key-store database115, a fuzzy signature database 120, and a permission database 125.

[0038] A public network 135 can be a network in which all users haveaccess without the need for bypassing security measures. An example ofthe public network 135 is the Internet. An interface server 130 iscoupled between the private network 150 and the public network 135 thusallowing users (e.g., physicians and patients) access to information onthe private network 150. A client 140 may include all of the users whorequire access to information from the private network 150. When thepresent invention is used in the medical setting, the client 140 may bea physician or a patient. A verification processor 145 performs averification function by comparing the two parts of a certificatetransmitted by the application server 100 to determine if these twoparts match and if so, the interface server 130 is authenticated. Theverification processor 145 can be implemented using either hardware orsoftware.

[0039] The application server 100 controls the access and retrieval ofdata between the various databases. The record database 105 is adatabase containing information such as, e.g., patient records (e.g.,patient's name, patient's appointments, disease history, diseasediagnosis, etc.) and doctor records (e.g., doctor's research on variousdiseases). Some of this information, such as the patient's name anddisease history, is sensitive information and thus is encrypted usingthe patient's public key.

[0040] The key-store database 115 is a database containing the users'private keys which are encrypted using a key-store master symmetric key.The fuzzy signature database 120 is a database containing signaturevectors for each of the users in the record database 105, with eachsignature vector being encrypted using the user's public key. Thepermission database 125 is a database containing information regardingwhether a specific user (such as a doctor or patient) has access to aspecific file or record.

[0041] The system and method according to the present invention uses anencryption procedure, e.g., at five phases:

[0042] 1. Selected sensitive information is encrypted at the sourcelevel. This information remains encrypted during storage.

[0043] 2. All data that is to be transmitted is encrypted is encryptedusing a key.

[0044] 3. Private keys are encrypted and stored in the key-storedatabase 115. All doctors may share a single key to decrypt keys in thekey-store database 115.

[0045] 4. Sensitive query conditions are encrypted to enable standardSQL searching while preventing retrieval of similar but irrelevantsensitive data.

[0046] 5. Fuzzy signature vectors for every user record in the recorddatabase 105 is encrypted with the user's public key. Such encryptionallows fuzzy search for data including specific sub-strings byencrypting the sub-strings with the user's public key and searching thefuzzy signature database 120.

[0047]FIGS. 1b to if shows exemplary keys which can be used forencrypting and decrypting data. In this exemplary embodiment, anasymmetric encryption algorithm may be employed using both public andprivate keys. Once data is encrypted using a public key, it can only bedecrypted using the corresponding private key. Alternatively, if data isencrypted using a private key, it can only be decrypted using thecorresponding public key. The public keys can be obtained by anyonefrom, for example, a service similar to a telephone directory. Theprivate keys, however, are kept secret.

[0048]FIG. 1b shows the keys which may be used to authenticate theinterface server 130. The application server 100 sends a certificate tothe client 140. The certificate contains both an unencrypted text partand an encrypted part. The encrypted part of the certificate isencrypted using the private key of the verification processor 152. Oncethe certificate is received by the client 140, the encrypted part of thecertificate is decrypted using a public key of the verificationprocessor 154.

[0049]FIG. 1c shows the keys which may be used in transmitting,receiving, and storing data. For example, when the client 140 transmitsdata to the application server 100 in the private network 150, theclient 140 pre-encrypts sensitive data using the user's public key 158(i.e., the user whose information is to be found from the recorddatabase 105). Then the client 140 encrypts both non-sensitive data andthe sensitive data using an application server's public key 160. Afterthe application server 100 (in the private network 150) receives theencrypted data from the client 140, the application server 100 decryptsboth the sensitive data and the non-sensitive data using an applicationserver's private key 161. However, the sensitive data remains securebecause that data is only accessible when it is again decrypted using auser's private key 164.

[0050] When the application server 100 transmits data to the client 140,it uses the user's public key 158 to encrypt the requested data. Theuser's public key 158, as defined herein, is the public key of the user,for example in the case of a database search, whose data is to beretrieved from the record database 105. When the client 140 receives theencrypted data from the application server 100, it decrypts that datausing the user's private key 164. The user's private key 164, as definedherein, is the private key of the user, for example in the case of adatabase search, whose data is to be retrieved from the record database105.

[0051]FIG. 1d shows the key which may be used in a fuzzy search. Theapplication server 100 encrypts all signature vectors corresponding toall records in the record database 105 using the user's public key 158.In addition, the application server 100 encrypts the signature vectorfor a particular search query using the user's public key 158.

[0052]FIG. 1e shows the key which may be used in a relational databasesearch. If the search query relates to or utilizes sensitive data, thenthe application server 100 encrypts the search query using the user's(e.g. patient's) public key 158. Because sensitive information isencrypted in the database which is to be searched, the encryption of thesearch query allows standard relational database operations to beperformed on encrypted data in such a database. Standard relationaldatabase operations include searching using, e.g., the SELECT andIF-THEN command.

[0053]FIG. 1f shows the keys which may be used for accessing sensitivedata. The application server 100 uses first user's (e.g., doctor's)key-store master key 168 to decrypt the second user's (e.g., patient's)private key 164 (which is stored as an encrypted key in the key-storedatabase 115). The application server 100 accesses the sensitive data inthe record database 105 by decrypting the sensitive data using thesecond user's private key 164. The user's private key 164, as definedabove, is the private key of the user, for example in the case of adatabase search, whose data is to be retrieved from the record database105.

[0054]FIG. 1h shows exemplary steps of the method according to thepresent invention for allowing a client 140 to communicate with aprivate network 150. In step 20, the client 140 authenticates theinterface server 130 by, e.g., requesting and checking the contents of acertificate. In step 25, the client 140 determines if the interfaceserver 130 is properly authenticated. If the interface server 130 is notproperly authenticated then in step 27, the client 140 notifies the userof this authentication failure. If the interface server 130 is properlyauthenticated, then in step 30, the client 140 transmits data to theapplication server 100. In step 40, the application server 100 performsthe operation requested by the client 140 if the client 140 isauthorized to perform that operation. If in step 50, the applicationserver 100 determines that the client 140 is authorized to perform theoperation, then in step 60, the application server 100 returns therequested information to the client 140. If, however, the applicationserver 100 determines in step 50 that the client 140 is not authorizedto perform the requested operation, then in step 70, it notifies theclient 140 of the denial.

[0055] Authenticating the Interface Server

[0056]FIG. 2 represents the process for authenticating the interfaceserver 130. In step 200, the client 140 authenticates the interfaceserver 130 by requesting a certificate from the interface server 130.The certificate contains two parts, e.g., an encrypted part which isencrypted using the private key of the verification processor 145 and aclear text part (an unencrypted part). The certificate also contains theapplication server's 100 public key. In step 205, the interface server130 sends a request for the certificate to the application server 100.In step 210, the application server 100 transmits the certificate to theclient 140 and encrypts the encrypted portion of the certificate usingthe private key of the verification processor 145.

[0057] In step 215, the client 140 (after receiving the certificate fromthe application server 100) separates the certificate into two parts,i.e., the encrypted part and the clear text part. In step 220, theclient 140 (using the public key of the verification processor 154 whichwas sent with the certificate) decrypts the encrypted part of thecertificate and in step 225, determines if the decrypted part matchesthe clear text part. If both parts match, then in step 235, the client140 determines that the interface server 130 is properly authenticated.However, if both parts do not match then, in step 230, the client 140displays an error message. This process for authenticating the interfaceserver 130 is can be implemented using, e.g., Verisign in the MicrosoftInternet Explorer® or Netscape browsers.

[0058] Transmission and Storage of Data

[0059]FIG. 3 shows exemplary steps of the exemplary embodiment of thepresent invention which may be used by the client 180 to transmit asecure request to the application server 100. In step 305, the client140 retrieves the application server's public key 160 from thecertificate. In step 310, the client 140 pre-encrypts sensitive data inthe message using the user's (e.g. patient's) public key 158. In step315, the client 140 encrypts all of the message which results in furtherencrypting the sensitive data with the application server's public key160. In step 320, the client 140 transmits the encrypted message to theinterface server 130. In step 325, the interface server 130 sends theencrypted message to the application server 100. In step 330, theapplication server 100 decodes the message using its private key 166. Instep 335, the application server 100 stores the message in the recorddatabase 105. The sensitive data stored in the record database 105remains encrypted with the user's public key 158.

[0060] The above described method is advantageous because the prior artmethods do not perform this double encryption, thus leaving thesensitive information unprotected on the application server 100. (Seee.g., Bruce Schneier, Applied Cryptography, Protocols, Algorithms, AndSource Code In C, Pg. 28, 2d ed., John Wiley & Sons, Inc., 1996). Withthe above described method, the sensitive information remains encrypted,and thus protected on the application server 100. If a break-in of theprivate network occurs, the sensitive information remains protectedbecause, e.g., only the user's private key 164 can decrypt thatsensitive information.

[0061] The Search Operation

[0062] In step 40 of FIG. 1h, the application server 100 performs theoperation requested by the client 140. This operation can be a searchfor a particular record, or an insertion or deletion of a record. For asearch operation, FIG. 4 shows exemplary steps which may be used tosearch for a particular record. In step 402, the application server 100obtains the search query that the client 140 previously transmitted. Instep 404, the application server 100, determines if the search requiresfuzzy searching. Fuzzy searching is required if the user sitting at theclient 140 selects fuzzy searching rather than performing traditionalsearching which requires an exact match of the search query with a termin the record.

[0063] If the fuzzy searching is required, then in step 406, theapplication server 100 may create trigrams for every record in therecord database 105. A trigram is a string of three letters. The set ofall trigrams for any given portion of text characterizes that text andmay be used for its identification in a limited size environment. Forexample, the word “cryptography” has the following trigrams: “cry”,“ryp”, “ypt”, “pto”, “tog”, “ogr”, “gra”, “rap”, “aph”, and “phy”. Instep 408, the trigrams are sorted, e.g., alphabetically. Thus, for theabove example, the trigrams would be ordered as: “aph”, “cry”, “gra”,“ogr”, “phy”, “pto”, “rap”, “ryp”, “tog”, and “ypt”.

[0064] In step 410, the application server 100 computes a signaturevector for each record. The signature vector is a trigram frequencyvector for the entire alphabet. In the previous example, the signaturevector for the word “cryptography” has 0's in all positions startingwith “aaa” and ending with “zzz”, except for 1's in the positions of“cry”, “ryp”,“ypt”, “pto”, “tog”, “ogr”, “gra”, “rap”, “aph”, and “phy”.For example, the vector for cryptography would have the followingvalues: aaa aab aac . . . aph . . . crp . . . gra . . . ogr . . . phy  0   0   0 . . . 1   . . . 1   . . . 1   . . . 1   . . . 1

[0065] The signature vector can also be calculated using other methods,such as using quadgrams or pentagrams rather than trigrams.

[0066] In step 412, the application server 100 encrypts the signaturevector using the user's public key 158 (i.e., the public key of the userwhose information is to be retrieved from the record database 105). Instep 414, the application server 100 stores the encrypted signaturevector in the fuzzy signature database 120. In step 416, using, e.g.,the above method employing the trigrams, the application server 100computes the signature vector for the search query. In step 418, theapplication server 100 encrypts this signature vector using the user'spublic key 158 which results in an encrypted fuzzy query.

[0067] In step 420, the application server 100 finds the encryptedsignature vector in the fuzzy signature database 120 for which the innerproduct with the encrypted fuzzy query holds the maximum value. Thelarger the inner product between the encrypted signature vector and theencrypted fuzzy query, the smaller the cosine of the angle (and thus thesmaller the angle) between these two vectors. Computing the innerproduct is performed using the formula:$\sum\limits_{i = 1}^{n}{{x(i)} \cdot {y(i)}}$

[0068] where x(i) and y(i) are vectors, and n is the number ofdimensions of the vectors. The smaller the angle, the smaller thedifference between the vectors which results in finding the signature inthe fuzzy signature database that is closest to the query. The systemand method according to the present invention, however is not limited toa use of the inner product to find the one vector from a group ofvectors that is closest to a query vector. It is also possible to useother conventional methods for finding the one vector from a group ofvectors that is closest to the query vector. In step 422, the searchquery is set to the signature vector whose inner product has the maximumvalue.

[0069] In step 424, the application server 100 determines if the searchquery involves sensitive data (e.g., searching on sensitive data such asthe patient's name). If the search query involves sensitive data then instep 428, the application server 100 encrypts the search query using theuser's public key 158 before searching in the record database 105. Thisencryption should be performed because the sensitive information (suchas the patient's name) stored in the record database 105 is encryptedwith the user's (e.g., patient's) public key 158 (refer to the sectionabove on “Transmission and Storage of Data”).

[0070] If the search query is not encrypted, then standard relationaldatabase operations such as SQL queries would not work when searchingfor encrypted entries in the database. For example, if a doctor wasprovided with all the appointments for a particular patient, it is notpossible to simply execute a SELECT statement where the patient's nameis equal to a certain value because the patient's name (which issensitive data) is encrypted in the database. Moreover, because thepatient's name is encrypted with the patient's public key, it can onlybe decrypted using the patient's private key. By encrypting the searchquery, sensitive information can remain encrypted in the database andstandard SQL search capabilities can be performed using the encryptedsearch query. In addition, the patient's private key is not required toperform a search, and therefore sensitive information is notcompromised.

[0071] In step 430, the application server 100 compares the encryptedsearch query to the sensitive patient information in the record database105. If the search query does not involve sensitive data, then in step426, the application server 100 compares the search query with the userinformation stored in the record database 105.

[0072] In step 432, the application server 100 determines if the twoparticular items match. This determination can be made by, for example,comparing the search query or the encrypted search query with therelevant field of a record in the record database 105. If the searchquery requests all patients with the name “John Doe”, then theapplication server 100 searches for all records in the record database105 whose name field contains the name “John Doe”. If the items match,then in step 436, all the records that match the search query arereturned. If the items do not match, then in step 434, the applicationserver 100 reports to the client 140 that its request could not besatisfied.

[0073] After searching and finding the desired information, if thatfound information contains the sensitive information then thatinformation needs to decrypted using the procedure described below.

[0074] Checking Client Authorization

[0075]FIG. 5 shows exemplary steps of the exemplary embodiment of thesystem and method according to the present invention for authorizing theclient's request when sensitive information is involved. Such sensitiveinformation resides in the record database 105 and is encrypted with theuser's (e.g. patient's) public key 158. To decrypt that sensitiveinformation and thus be able to use it, the doctor, patient, or anotheruser must be authorized to access that information. If authorized, theapplication server 100 sends the requested information back to theclient 140. In this embodiment, a first user (e.g., a doctor) is allowedto access sensitive information of second user (e.g., a patient) usingonly three encryption keys.

[0076] In step 502, the application server 100 determines if a firstuser is authorized to perform the requested operation by checking thepermission database 125. The permission database 125 containsinformation as to which users (such as doctors and patients) are allowedto perform operations (e.g., view, search, add, delete, etc.) on thesensitive information located in the records of the record database 105(e.g., doctor research records or patient records). See Table 1 abovefor the list of access privileges that doctors and patients can givewith regards to patient records and doctor research records.

[0077] If the first user is not authorized to perform the requestedoperation on the sensitive information, then in step 506, theapplication server 100 sends a message to the client 140 to notify it ofthe access denial. If the first user is authorized to perform therequested operation on the sensitive information, then in step 508, theapplication server 100 collects the first user's key-store master key168 which that first user provides. In step 510, the application server100, using the first user's key-store master key 168, decrypts a seconduser's private key 164. While in the key-store database 115, the seconduser's private key 164 is encrypted with the key-store master key. Instep 511, the application server 100 obtains the second user's privatekey from the key-store database 115. In step 512, the application server100 uses the second user's private key to decrypt the sensitive datafound in the second user's record in the record database 105.

[0078] The above process of using the key-store master key 168 and thekey-store database 115 provided an improvement in that n-1 keys for npeople are no longer required. (See e.g., Bruce Schneier, AppliedCryptography, Protocols, Algorithms, And Source Code In C, 2d ed., JohnWiley & Sons, Inc., 1996). By using the key-store master key 168 and thekey-store database 115, only three keys (e.g., the doctor's or firstuser's public key 158, the key-store master key 168, and the patient'sor second user's private key 164) are all that may be necessary to givea doctor access to a patient's records.

[0079] The key-store database 115 keeps track of the public and privatekeys of the users. It enables an authorized user to use another user'sprivate key to decrypt a particular piece of the sensitive data. Usageof the key-store database 115 separates the data from the keys. Toprevent an intruder of the application server 100 from gaining access tothe users' sensitive data via the patients' private keys stored in thekey-store database 115, all keys stored in the key-store database 115are encrypted using the key-store master key 168.

[0080] Returning Information to the Client

[0081] The application server 100 may send the client requestedinformation, including the sensitive information, back to the client140. In step 514, the application server 100 gathers the data requestedby the client 140. In step 516, the application server 100 encrypts therequested data using the first user's public key 158. In step 518, theapplication server 100 transmits encrypted requested data to theinterface server 130. In step 520, the interface server 130 sends theencrypted requested data to the client 140. In step 522, the client 140decrypts the encrypted requested data using the first user's privatekey. The decrypted sensitive information of the second user is nowreadable by the first user.

[0082] The system and method of the present invention is not limited tothe medical industry and in particular where a physician or patienttries to access records of another physician or patient. The system andmethod may also be applicable in other asymmetric privilege grantingenvironments. For example, the system and method may be used in acorporate environment where an employer has access to employee's recordsbut the employee might have access to only his or her own record, orhave access to other employee's records depending on that employee'sposition in the company (such as a manager of other employees). Thecompany may have various offices such that a public network would needto be used in order to access certain information from a privatenetwork. In this situation, the system and method again capitalizes onthe asymmetry of the privilege granting scheme to minimize the number ofkeys used by the participating users.

[0083] Another example is the banking environment where a customer's ownbank statement is accessible to that customer but is not accessible toother customers. It is also accessible to certain bank employees such asthe loan department or the payment departments. Because of the asymmetryof the privilege granting scheme, this environment can also capitalizeon the asymmetry to minimize the number of keys used by theparticipating users (e.g., bank customers, bank employees, etc.).

[0084] While the present invention is described in conjunction with thepreferred embodiments, it will be understood that they are not intendedto limit the invention to that embodiment. On the contrary, thisinvention is intended to cover alternatives, modifications, andequivalents, which may be included within the spirit and scope of theinvention as defined by the claims. Furthermore, in the previousdetailed description of the present invention, numerous specific detailsare set forth in order to provide a thorough understanding of thepresent invention. However, it will be obvious to one of ordinary skillin the art that the present invention may be practiced without thesespecific details. In addition, several definitions are provided but itwill be appreciated that these definitions are not meant to be limitingbut are rather provided for context purposes and that among others, thegeneral definition, as understood by-those skilled in the art, alsoapplies. In other instances, well known methods, procedures, components,and circuits have not been described in detail as not to unnecessarilyobscure aspects of the present invention.

What is claimed is:
 1. A system for generating and storing encrypteddata, comprising: a record database which includes a set of records; afuzzy signature database; and an application server performing thefollowing: generating a first set of trigrams for each record of therecords, sorting the first set of trigrams for each record of therecords, generating signature vectors using the first set of trigrams,wherein one of the signature vectors is assigned to a respective recordresiding in the record database, encrypting the signature vectors usinga key to generate encrypted vectors, wherein one of the encryptedvectors is assigned to the respective record, and storing the encryptedvectors in the fuzzy signature database.
 2. The system according toclaim 1, wherein the application server: generates a second set oftrigrams for a fuzzy query, sorts the second set of trigrams, computes aquery vector using the second set of trigrams, encrypts the query vectorusing the key to generate an encrypted fuzzy query vector, and locates aparticular vector of the encrypted vectors in the fuzzy signaturedatabase which substantially corresponds to the encrypted fuzzy queryvector.
 3. The system of claim 1, wherein the first set of trigrams issorted alphabetically.
 4. The system of claim 2, wherein the second setof trigrams is sorted alphabetically.
 5. The system of claim 1, whereinthe record database includes non-privileged user records and privilegeduser records.
 6. The system of claim 2, wherein the key is a public keyof a user.
 7. A method for generating and storing encrypted data,comprising the steps of: generating a first set of trigrams for eachrecord of a record database, the record database including a pluralityof records; for each record of the records, sorting the first set oftrigrams; generating signature vectors using the first set of trigrams,wherein one of the signature vectors is assigned to a respective recordof the records; encrypting the signature vectors using a key to generatethe encrypted vectors, wherein one of the encrypted vectors is assignedto the respective record; and storing the encrypted vectors in a fuzzysignature database.
 8. The method of claim 7, further comprising thesteps of: generating a second set of trigrams for a fuzzy query; sortingthe second set of trigrams; computing a query vector using the secondset of trigrams; encrypting the query vector using the key to generatean encrypted fuzzy query vector; and locating a particular vector of theencrypted vectors in the fuzzy signature database which substantiallycorresponds to the encrypted fuzzy query vector.
 9. The method of claim7, wherein for each record of the records, the first set of trigrams issorted alphabetically.
 10. The method of claim 8, wherein the second setof trigrams is sorted alphabetically.
 11. The method of claim 7, whereinthe records include non-privileged user records and privileged userrecords.
 12. The method of claim 8, wherein the key is a public key of auser.
 13. A machine-readable medium having stored thereon datarepresenting sequences of instructions, the sequences of instructionsincluding particular instructions which, when executed by a processorconnected to a communication network, cause the processor to perform thesteps of: generating a first set of trigrams for each record of a recorddatabase, the record database including a plurality of records; for eachrecord of the records, sorting the first set of trigrams; generatingsignature vectors using the first set of trigrams, wherein one of thesignature vectors is assigned to a respective record of the records;encrypting the signature vectors using a key to generate encryptedvectors, wherein one of the encrypted vectors is assigned to therespective record; and storing the encrypted vectors in a fuzzysignature database.